CVE-2024-1745

Name of the Vulnerable Software and Affected Versions Testimonial Slider WordPress plugin versions prior to 2.3.7

Description The issue arises from the plugin not properly ensuring that a user has the necessary capabilities to edit certain sensitive settings, making it possible for users with at least the Author role to edit them.

Recommendations For versions prior to 2.3.7, update to version 2.3.7 or later to resolve the issue. As a temporary workaround, consider restricting the editing capabilities of users with the Author role to minimize the risk of exploitation.